[img_assist|nid=2841|title=|desc=|link=none|align=left|width=100|height=100]Cisco has discovered a buffer overflow in version 2.6 of CiscoWorks Internetwork Performance Monitor (IPM) and previous versions for Windows; the flaw allows attackers to compromise vulnerable systems remotely, as well as a DDos flaw in Cisco IOS XR. Read the full article. [The H Security]
has released the latest iteration of its flagship Firefox browser with
a few significant security goodies to keep malicious hacker at bay. The update, which is being shipped via the browser’s automatic
update mechanism, includes new features to patch third-party Firefox
plug-ins and lock out rogue add-ons.
[img_assist|nid=2829|title=|desc=|link=none|align=left|width=100|height=100]Analysis of the 32 million passwords recently exposed in the breach of
social media application developer RockYou last month provides further
proof that consumers routinely use easy to guess login credentials. Read the full article. [The Register]
One day after a Google security researcher releases code to expose a flaw that affects every release of the Windows NT kernel — from Windows NT 3.1 (1993) up to and including Windows 7 (2009) — Microsoft has released a security advisory to acknowledge the issue and warn of the risk of privilege escalation attacks.
[img_assist|nid=2818|title=|desc=|link=none|align=left|width=80|height=131]Mozilla yesterday reported a “huge increase” in downloads of Firefox in
Germany after that country’s computer security agency urged users of
Microsoft’s Internet Explorer to dump the browser and run a rival
instead. Read the full article. [Computerworld]
[img_assist|nid=2812|title=|desc=|link=none|align=right|width=100|height=100]Although the first known attacks using the Aurora malware that compromised Google weren’t discovered until late last year, some parts of the malware codebase has been in existence in China for nearly four years, raising questions about how many other attacks it might have been used in during that time frame.
[img_assist|nid=2806|title=|desc=|link=none|align=left|width=100|height=100]This is just a quick heads-up that the emergency security patch for Microsoft’s Internet Explorer will be released tomorrow (January 21, 2009).The update, rated critical for all versions of IE, will cover a remote code execution flaw that has already been used in targeted attacks against U.S. companies, including Google and Adobe.
[img_assist|nid=2716|title=|desc=|link=none|align=right|width=114|height=77]Here are some steps Microsoft and other security firms recommend you
can take now to help defend yourself against the IE Aurora attacks. Read the full article. [Dark Reading]
[img_assist|nid=2807|title=|desc=|link=none|align=left|width=100|height=100]Even though online job scams have become more convincing as criminals
have honed their skills, sometimes victims don’t fall for them – they
jump into them. Read the full article. [SFGate]
[img_assist|nid=2827|title=|desc=|link=none|align=right|width=67|height=100]Dennis Fisher talks with Tom Kellermann of Core Security about the Google attack, the priorities for new cyber coordinator Howard Schmidt and the economic and political realities of advanced persistent threats.